|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
a better permit_mx_backup
From: Marco d'Itri (md
Linux.IT)
Date: Wed Dec 27 2006 - 10:21:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I am trying to replace a large sendmail installation which filters mail
for some thousands of customers domains. This makes impractical building
on a short notice a list for $relay_domains, so I'd like to continue
supporting the current method of an externally unreachable highest
priority MX and filtering relays as lower priority MX.
As was previously discussed on this list, permit_mx_backup does not
interact well with reject_unverified_recipient (because it returns OK or
DUNNO), so I tried to replace it with an invocation of
check_recipient_mx_access returning REJECT for all networks but mines.
# "usual" configuration
smtpd_recipient_restrictions =
...
reject_unverified_recipient
permit_mx_backup
# "new" configuration
smtpd_recipient_restrictions =
check_recipient_mx_access cidr:/etc/postfix/allow_mx_backup
...
reject_unverified_recipient
permit # the last two entries to trick postfix to
check_relay_domains # accept mail for every destination left
# allow_mx_backup map:
10.0.0.0/17 DUNNO
0.0.0.0/0 reject_unauth_destination
I tested this configuration and it appears to work, did I missing anything?
Will check_recipient_mx_access deal gracefully with transient DNS errors?
Also, is there a way better way to configure the restrictions, to
suppress this warning message?
Dec 27 13:38:54 amon postfix/smtpd[3530]: warning: restriction `check_relay_domains' after `permit' is ignored
--
ciao,
Marco
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]